According to the relevant Google documentation:
Therefore, Google uses OAuth and JWT to generate tokens and perform authentication.
A successful login in Limited Login returns an AuthenticationToken instance. This is a JSON web token (JWT) containing your nonce, if you provided one, a signature, and other pieces of information. Your app should validate the token to make sure it is authentic.
Check that the JWT consists of three Base64Url-encoded parts separated by periods:
- Header
- Payload
- Signature
Parse the JWT to extract the three parts. Decode the payload and verify that it is a valid JSON object.
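The structural checks above, as an added Python example that is not code from the original page or from the SDK it quotes: it splits the token, decodes each Base64Url part, and requires the header and payload to be JSON objects. The function names and the claim name `nonce` are assumptions, and the signature bytes are returned unverified, so passing these checks does not by itself show the token is authentic.

```python
import base64
import binascii
import hmac
import json
import re

B64URL = re.compile(r"[A-Za-z0-9_-]+")  # Base64Url alphabet, unpadded

class TokenFormatError(ValueError):
    """The token failed a structural check."""

def b64url_decode(segment, name):
    # Reject empty parts, foreign characters, and lengths no encoder produces.
    if not B64URL.fullmatch(segment) or len(segment) % 4 == 1:
        raise TokenFormatError(f"{name} is not valid Base64Url")
    try:
        return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except (binascii.Error, ValueError) as exc:
        raise TokenFormatError(f"{name} does not decode") from exc

def json_object(raw, name):
    try:
        value = json.loads(raw.decode("utf-8"))
    except ValueError as exc:  # covers both bad UTF-8 and bad JSON
        raise TokenFormatError(f"{name} is not JSON") from exc
    if not isinstance(value, dict):  # "null", "[]", "1" parse but are not objects
        raise TokenFormatError(f"{name} is not a JSON object")
    return value

def parse_jwt_structure(token, expected_nonce=None):
    """Structural checks only; the signature is returned unverified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenFormatError("expected three period-separated parts")
    header = json_object(b64url_decode(parts[0], "header"), "header")
    payload = json_object(b64url_decode(parts[1], "payload"), "payload")
    signature = b64url_decode(parts[2], "signature")
    if expected_nonce is not None:
        got = payload.get("nonce")  # claim name "nonce" is an assumption
        if not isinstance(got, str) or not hmac.compare_digest(
                got.encode(), expected_nonce.encode()):
            raise TokenFormatError("nonce does not match the one sent")
    return header, payload, signature

if __name__ == "__main__":
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    sample = ".".join([enc({"alg": "RS256"}), enc({"nonce": "n-123"}), enc("sig")])  # constructed
    print(parse_jwt_structure(sample, expected_nonce="n-123"))
```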